Encryption

Encryption is the process of encoding all user data on an Android device using symmetric encryption keys. Once a device is encrypted, all user-created data is automatically encrypted before committing it to disk and all reads automatically decrypt data before returning it to the calling process. Encryption ensures that even if an unauthorized party tries to access the data, they won’t be able to read it.

Android has two methods for device encryption: file-based encryption and full-disk encryption.

File-based encryption

Android 7.0 and later supports file-based encryption. File-based encryption allows different files to be encrypted with different keys that can be unlocked independently. Devices that support file-based encryption can also support Direct Boot, which allows encrypted devices to boot straight to the lock screen, thus enabling quick access to important device features like accessibility services and alarms.

With file-based encryption and APIs that make apps aware of encryption, apps can operate within a limited context. This can happen before users have provided their credentials while still protecting private user information.

Metadata encryption

Android 9 introduces support for metadata encryption, where hardware support is present. With metadata encryption, a single key present at boot time encrypts whatever content is not encrypted by FBE, such as directory layouts, file sizes, permissions, and creation/modification times. This key is protected by Keymaster, which in turn is protected by verified boot.

Full-disk encryption

Android 5.0 up to Android 9 support full-disk encryption. Full-disk encryption uses a single key—protected with the user’s device password—to protect the whole of a device’s userdata partition. Upon boot, the user must provide their credentials before any part of the disk is accessible.

While this is great for security, it means that most of the core functionality of the phone is not immediately available when users reboot their device. Because access to their data is protected behind their single user credential, features like alarms could not operate, accessibility services were unavailable, and phones could not receive calls.